An industry-leading security solutions company creates innovative cyber and data security products for the cloud and on-premises. The firm’s integrated security platform includes tools to combat attacks, theft and fraud, mitigate risk, and streamline regulatory compliance.
Over 18,000 brands – including leaders in banking, telecom, retail and transportation – connect with thousands of consumers 24/7 on a leading mobile and online messaging platform. To support its clientele, the company’s global operations and 1,200 employees use multiple IT environments with assets in corporate, production and cloud-based networks and mobile devices.
The person responsible for the company’s strategy to protect critical data, information systems, users and infrastructure – throughout all business operations – is its Chief Security Officer (CSO). “The primary challenge with having multiple environments is that they are very dynamic,” he says. “There are change management challenges – despite the fact everything is documented – and the changes are very rapid.” Each of the firm’s development operations, system or network engineers can make changes to the network. “We need to understand the ramifications of each change in terms of its security risk in those environments,” says the CSO.
A lack of awareness of every change made to an IT environment, and of whether it invites risk, is a major headache for businesses. In fact, despite almost $70B in security investment, organizations continue to face an uphill battle against breaches. The 2015 Verizon DBIR report found that in 60% of breaches attackers were able to compromise organizations within minutes, while these breaches remain undiscovered for weeks or months.
Underwhelming Security Validation Options
The company deployed a variety of vulnerability assessment and change management tools to help it identify, assess and efficiently manage security risks. “Even though we had a lot of sensors, none of them could show us the actual risk or breach scenarios once someone was inside the network,” says the CSO. “Our existing tools could only let us see this on a point-in-time basis.”
The mobile and online messaging platform provider wanted a better solution and began its due diligence. “The challenge with hiring ethical hackers or penetration testers is that they are very focused on finding vulnerabilities and exploiting them, which can impact the environment.” The CSO also evaluated using ‘red teams,’ which can go beyond standard vulnerability exercises and practices and perform drills on a company’s entire ecosystem without anyone’s knowledge.
“Most of this validation via specialized humans is very costly, takes a lot of time, shows only a limited point of view and is no longer valid after five minutes,” he says.
Why Only Play Defense?
After reviewing the options, the company chose the SafeBreach Security Validation Platform. SafeBreach simulates the Hackers' Playbook™ of hacker breach methods to find holes in an organization’s infrastructure before an attacker does. Organizations can quantify their risks from breaches and validate their security controls without impacting their environment, with the platform acting like an automated, continuously validating red team. The SafeBreach platform validates all possible breach methods within an attack kill chain in real time.
“We liked SafeBreach’s combination of simulators that are constantly testing our infrastructure – not just point-in-time – and that we get updates on breach scenarios in real-time,” says the CSO. “The fact that SafeBreach does not impact stability or uptime in the environment is also a big advantage.”
Building A Proactive Framework
The mobile and online messaging platform leader quickly and seamlessly deployed SafeBreach, with simulators placed both inside and outside of its data center. This allowed the company to simulate breach scenarios across the entire kill chain, and validate both internal and external threats. “The SafeBreach platform enables us to find and remedy any security issues in our networks before an attacker has the chance to potentially do anything to exploit it,” says the CSO.
Challenging Security Controls
The CSO and his team quickly noticed the contributions of SafeBreach. “For the first time, we were able to see multiple breach scenarios displayed in one consolidated view or screen, rather than reading endless pages of a report on confusing environments,” he says. “In addition, some of our security controls that we thought were fully deployed were missing in certain segments of the network.”
The ability to challenge security controls, and identify which ones were not performing adequately, was important for better overall and proactive security. The company is so pleased it plans to try SafeBreach’s new endpoint simulator, which can execute simulated attacks on endpoints and challenge their endpoint security controls.
Security Through Validation
SafeBreach delivers a new approach through which organizations are empowered to act like hackers and simulate breach methods to proactively find holes in their network before an attacker does. By taking an offensive approach to security, security professionals can understand the hackers’ perspective, gain visibility into exactly how vulnerable their organization is and focus their resources appropriately.
The CSO has advice for other companies that may be evaluating the benefits of offensive security. “The most important thing is validation – validating your controls and assumptions,” he says. “We all know assumptions break easily when checked. It’s not just about offense versus defense, because over time we have invested money in both areas. The bottom line is you must validate your controls, your beliefs and that the concept in your mind is true. Having a platform like SafeBreach that can reassure and constantly confirm the tools you have in place, and that they’re doing what they are supposed to do, is a real game changer.”
SafeBreach answers the key question organizations struggle to answer, “Am I secure?” The platform simulates hacker breach methods so that security professionals can quantify their actual risks from breaches, validate their security controls and empower their security red teams. That’s powerful security.